364817faf68a4f6da9d49eeb14735537230c35f5bdd6e0a24e13a1f3652f6e19 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

364817faf68a4f6da9d49eeb14735537230c35f5bdd6e0a24e13a1f3652f6e19.vbe
Size

206KB
Sample

240419-bkrsracc32
MD5

0d7f8e709882acc61cd9366186f1e7d5
SHA1

b6fd422590eb87824051092b8c04cb1e58ab4abd
SHA256

364817faf68a4f6da9d49eeb14735537230c35f5bdd6e0a24e13a1f3652f6e19
SHA512

6a5ca966f086f9b8b6b4c7b2d86ab63d70349c0f227990913f35c7f6fdacb5f86e79133023d2791a3b55328616930a7b6c907e74f2291884a3a68445eb2eaebc
SSDEEP

6144:/YBgIjQvrMbWSR4WHUJJs9E87Fy4lZrUChpqKmjum4QlNVrDjXR46cCPCRJfAqNl:M2dOxP6o

Score

8^/10

Malware Config

Targets

- Target
  
  364817faf68a4f6da9d49eeb14735537230c35f5bdd6e0a24e13a1f3652f6e19.vbe
- Size
  
  206KB
- MD5
  
  0d7f8e709882acc61cd9366186f1e7d5
- SHA1
  
  b6fd422590eb87824051092b8c04cb1e58ab4abd
- SHA256
  
  364817faf68a4f6da9d49eeb14735537230c35f5bdd6e0a24e13a1f3652f6e19
- SHA512
  
  6a5ca966f086f9b8b6b4c7b2d86ab63d70349c0f227990913f35c7f6fdacb5f86e79133023d2791a3b55328616930a7b6c907e74f2291884a3a68445eb2eaebc
- SSDEEP
  
  6144:/YBgIjQvrMbWSR4WHUJJs9E87Fy4lZrUChpqKmjum4QlNVrDjXR46cCPCRJfAqNl:M2dOxP6o
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2